The `set_creds` function returns a pair of ScopedUid/ScopedGid objects (well, they're `Option<Scoped...>`) that change the effective uid and gid of the calling thread for the duration of their scope. That is, once they're dropped, they "pop" the new uid/gid back to uid/gid 0.
Trouble is, right now, these objects' scope is actually the lexical block of the if statement. This means the current thread's uid/gid changes only for the scope of the if-statement and then is popped back to uid/gid 0 before attempting the write. To fix this, retain these objects for the enclosing function scope rather than just the scope of the if statement. This way, the thread's uid/gid change is effective for the duration of the write, which I believe was the original intent. Note: I was unable to test this with a mainline kernel. I dug into it, and I think it's a backwards compatibility mixup in the FUSE module. I sent a patch upstream[1]. I also tested _this_ patch with a patched kernel and verified this works as intended. I also verified that _without this patch_, the privileges are not killed. [1] https://lore.kernel.org/linux-fsdevel/[email protected]/T/#u Signed-off-by: Connor Kuehl <[email protected]> --- https://gitlab.com/virtio-fs/virtiofsd-rs/-/merge_requests/24 _______________________________________________ Virtio-fs mailing list [email protected] https://listman.redhat.com/mailman/listinfo/virtio-fs
